"that's a curious choice, to represent IPs as a long; why would you do that."
"oh, it's a standard PHP function? ok, sure, gives you a unique representation for IP suitable for indexing arrays or whatever, but why a long and not the hex translation"
"oh no it's from C"
"oh no it's from AIX"
https://www.php.net/manual/en/function.ip2long.php
then following the link there to http://ps-2.kev009.com/wisclibrary/aix52/usr/share/man/info/en_US/a_doc_lib/libs/commtrf2/inet_addr.htm
and then...yeah.
it's a 32-bit value
that errors on quad-255
because that overflows the long.
y'all.
FFFFFFFF is 8 hexits.
PHP -has- a hex int type.
c'mon.
`//TODO: remove`
O sit right back and you'll hear a tale
a tale of a fateful trip
that started from this tropic shore
aboard a tiny ship
`function auth_encrypt`
oh dear.
`2015_enc.key`
........y'ever found something mysterious in the back of the fridge in an opaque container that nobody remembers the provenance of?
`PHPGangsta_GoogleAuthenticator`
oh hello.
https://github.com/PHPGangsta/GoogleAuthenticator
"Copyright (c) 2012-2016"
........well then.
`//OLD auth` and then more than 100 commented-out lines of dead code.
IIRC, one of the layers of the archaeological site that was claimed to be the site of the legendary Troy was identified by a layer of ash, indicating that the city'd been burned to the ground.
`//local rpc can do anything`
that's a -very- generous definition of 'local' there, buddy, given that 10/24 is one of the blocks, but it kinda becomes farcical with 204.152.204.0/24 also being valid.
.....this file has has two identical functions defining arrays of acronym to name mappings, that differ only by the function name.
what on -earth-
` * @copyright 2012`
it's nice when there's an artifact giving you a date.
`// The description of the INI format`
.....my gods it's full of regex
.......followed up by something with the kind of sparsity and opacity that you see from long-time haskell devs or whateverthefuck lol
single-character variable names, wow.
`$pwd = null; // FIXME`
huh, load-bearing NOP.
`return '0deadbeef';`
not "0xdeadbeef" - just zero-deadbeef.
-fascinating-; I wonder what ritual purpose this artifact could have had.
`$hmac_secret =`
well that's a choice.
wait, the IP bans depend on the user-agent of the browser....?
...........what in the hellllllllllllllllllllllllllllllllllllllllllllll
`function trans_similar_to_ascii`
most of us have settled on UTF-8 these days, actually
a function to discern whether the RPC was happening over an internal* network - if so, raw TCP on 80; if not, "ssl://" on 443
* with, in this case, a 10/16 definition of 'internal'
` const HMAC_SECRET`
ok sure, why not.
`// xor key, 128 bytes as hex, must be longer than the encrypted data`
..........
ok so I read that, kinda stared off into the distance for a couple minutes, got up, went to the bathroom, got a drink, came back, reopened the file, and that was still there, so odds are I'm -not- hallucinating this.
......this file contains some the contents of the -other- files earlier that had the dual copies of acronym to name matching, with some other shit.
It's a good thing I'm not seriously trying to figure out program flow because -what the fuck-
Fi 🏳️⚧️
jamon